This is an automated email from the ASF dual-hosted git repository.
jinrongtong pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/rocketmq.git
The following commit(s) were added to refs/heads/develop by this push:
new 89fdab4d58 [ISSUE #7752] Fix ppv2 tls ascii start with (byte)2 (#7753)
89fdab4d58 is described below
commit 89fdab4d5830ce749e79ad5372d2b349e376c45a
Author: dingshuangxi888 <dingshuangxi...@gmail.com>
AuthorDate: Mon Jan 15 15:18:45 2024 +0800
[ISSUE #7752] Fix ppv2 tls ascii start with (byte)2 (#7753)
* Fix ascii validate for ppv2 tls.
* fix ppv2 tls ascii check
---------
Co-authored-by: ShuangxiDing <shuangxi....@alibaba-inc.com>
---
.../rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java | 9 +++++----
.../org/apache/rocketmq/remoting/netty/NettyRemotingServer.java | 9 +++++----
2 files changed, 10 insertions(+), 8 deletions(-)
diff --git
a/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java
b/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java
index b584ddfbdc..cdf33165d7 100644
---
a/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java
+++
b/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java
@@ -41,6 +41,7 @@ import
io.grpc.netty.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactor
import io.grpc.netty.shaded.io.netty.handler.ssl.util.SelfSignedCertificate;
import io.grpc.netty.shaded.io.netty.util.AsciiString;
import io.grpc.netty.shaded.io.netty.util.CharsetUtil;
+import java.nio.charset.StandardCharsets;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.rocketmq.common.constant.HAProxyConstants;
@@ -193,13 +194,13 @@ public class ProxyAndTlsProtocolNegotiator implements
InternalProtocolNegotiator
}
if (CollectionUtils.isNotEmpty(msg.tlvs())) {
msg.tlvs().forEach(tlv -> {
- byte[] valueBytes =
ByteBufUtil.getBytes(tlv.content());
- if (!BinaryUtil.isAscii(valueBytes)) {
- return;
- }
Attributes.Key<String> key = AttributeKeys.valueOf(
HAProxyConstants.PROXY_PROTOCOL_TLV_PREFIX +
String.format("%02x", tlv.typeByteValue()));
+ byte[] valueBytes =
ByteBufUtil.getBytes(tlv.content());
String value = StringUtils.trim(new String(valueBytes,
CharsetUtil.UTF_8));
+ if
(!BinaryUtil.isAscii(value.getBytes(StandardCharsets.UTF_8))) {
+ return;
+ }
builder.set(key, value);
});
}
diff --git
a/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java
b/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java
index 735d36168f..7213b0c24f 100644
---
a/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java
+++
b/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java
@@ -55,6 +55,7 @@ import io.netty.util.TimerTask;
import io.netty.util.concurrent.DefaultEventExecutorGroup;
import java.io.IOException;
import java.net.InetSocketAddress;
+import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.time.Duration;
import java.util.List;
@@ -794,13 +795,13 @@ public class NettyRemotingServer extends
NettyRemotingAbstract implements Remoti
}
if (CollectionUtils.isNotEmpty(msg.tlvs())) {
msg.tlvs().forEach(tlv -> {
+ AttributeKey<String> key = AttributeKeys.valueOf(
+ HAProxyConstants.PROXY_PROTOCOL_TLV_PREFIX +
String.format("%02x", tlv.typeByteValue()));
byte[] valueBytes =
ByteBufUtil.getBytes(tlv.content());
- if (!BinaryUtil.isAscii(valueBytes)) {
+ String value = StringUtils.trim(new String(valueBytes,
CharsetUtil.UTF_8));
+ if
(!BinaryUtil.isAscii(value.getBytes(StandardCharsets.UTF_8))) {
return;
}
- AttributeKey<String> key = AttributeKeys.valueOf(
- HAProxyConstants.PROXY_PROTOCOL_TLV_PREFIX +
String.format("%02x", tlv.typeByteValue()));
- String value = StringUtils.trim(new String(valueBytes,
CharsetUtil.UTF_8));
channel.attr(key).set(value);
});
}
